Deploy a role to trust child accounts

You can link multiple child accounts in bulk to the root account.

Note

To enable the root account of your organization to trust child accounts, Virtana recommends using StackSets.

  1. Upload the pre-downloaded CloudFormation template to the appropriate AWS service and click Next.

    Note

    Verify that the file is accurate and accessible before uploading.

  2. Configure the required parameters and click Next.

    Configure the following required parameters.

    • Account ID: Enter the AWS account ID of the Virtana account that you intend to trust. Verify that the account ID is correct to avoid configuration issues.

    • External ID: Enter the customer organization ID. This parameter adds an additional layer of security by ensuring that requests are authenticated and originate only from your organization.

    • Role Name: Enter the same role name that you configured when running the first CloudFormation template. A default role name is provided, but you can customize it if needed. The role name must be identical across the root account and the roles created via the StackSet for linked accounts. A mismatch can cause deployment failure.

  3. Choose the settings that meet your organizational requirements and click Next.

  4. After the process is complete, verify that the roles have been successfully created in the child accounts.

    Note

    You can verify the trust relationship from Virtana. For more information, see Adding Linked Accounts in Bulk.

    To stop monitoring a child account, you must manually remove the assigned role from that account.
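One way to check the result of step 4 in each child account, as an added example that is not Virtana's code or template: audit the role's trust policy (the `AssumeRolePolicyDocument` returned by `aws iam get-role`) against the Account ID and External ID entered in step 2. It assumes the deployed role uses the standard IAM cross-account form, an `sts:AssumeRole` statement with a `StringEquals` condition on `sts:ExternalId`; the function names, account ID and external ID are hypothetical sample values.

```python
# Added example; all IDs and policies below are constructed sample values.
def _as_list(value):
    """IAM policy fields may hold a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Account ID from a bare 12-digit ID or an IAM ARN, else None."""
    if len(principal) == 12 and principal.isdigit():
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" and parts[2] == "iam" else None

def audit_trust_policy(policy, trusted_account_id, external_id):
    """Return findings; an empty list means only the expected account is
    trusted and it must present the expected ExternalId."""
    findings, matched = [], False
    for stmt in _as_list(policy.get("Statement")):
        actions = _as_list(stmt.get("Action"))
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in actions:
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            aws = ["*"]
        else:
            aws = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        # Condition keys are case-insensitive in IAM, so normalise them.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ext_ids = _as_list({k.lower(): v for k, v in equals.items()}.get("sts:externalid"))
        for p in aws:
            if p == "*":
                findings.append("wildcard principal may assume the role")
            elif _account_of(p) != trusted_account_id:
                findings.append(f"unexpected trusted principal: {p}")
            elif ext_ids != [external_id]:
                findings.append(f"{p} is trusted without the expected ExternalId")
            else:
                matched = True
    if not matched:
        findings.append("expected account and ExternalId not found in trust policy")
    return findings

# Constructed trust policies (not taken from the Virtana template).
GOOD = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "example-org-id"}}}]}
NO_EXTERNAL_ID = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}
```

An empty result for every child account means the role trusts only the expected account and requires the expected external ID; any finding identifies the account whose role should be redeployed or removed.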

Related topics

Primary Account vs Linked Account in AWS

Adding Linked Accounts

Adding Linked Accounts in Bulk